Researchers investigating the origin of the financial Trojan Carbanak have found that it apparently has links to a cyber-security company in Russia. Carbanak, a highly advanced Trojan, was created to attack financial institutions, e-payment systems and banks worldwide. Once a computer is infected with Carbanak, mostly via a spear-phishing e-mail or otherwise because of inadequate network defenses, the Trojan spreads until it finds administrative panels, which it then monitors in order to seize financial transactions.

Carbanak has been used in a large number of high-dollar online robberies. Its creators mainly infiltrate bank networks with the aid of infected Microsoft Office documents, then use that access to force the banks' automated teller machines to dispense cash. Kaspersky Lab, the Russian cyber-security company, estimates that the Carbanak gang possibly stole nearly USD 1bn, chiefly from banks in Russia.

Security researcher Guilmette found that the domains used to distribute the e-mails carrying the Carbanak malware were registered with the e-mail address williamdanielsen@yahoo.com, which belonged to Xicheng Co., a Chinese firm. The e-mail address came with two telephone numbers, 1066549216 and 1066569215, that were prefixed with the American or Chinese international code. Softpedia.com reported this on July 19, 2016.

Building on Guilmette's research, ThreatConnect, another security company, identified 484 or more domains linked either to the same e-mail address or to twenty-six other e-mail addresses that also showed Xicheng Co.'s name or the same telephone numbers.

Further investigation, however, found that some URLs, though registered with those same telephone numbers, did not serve Carbanak. One of them, cubehost.biz, registered in 2013, apparently belonged to Artem Tveritinov, a 28-year-old from Perm, Russia.

The URL is no longer active, but independent researcher Brian Krebs states that it is an alias of Infocube (also written as InfoKube), another Russian cyber-security company that also belongs to Tveritinov.

Many of the websites used in Carbanak campaigns were hosted on this IP address. Complementing Krebs's findings, Guilmette showed that the same IP address also hosted domains used in campaigns for Citadel, another well-known banking Trojan.

» SPAMfighter News - 7/22/2016
